The SME space is changing, and emerging leaders are utilising affordable, flexible and scalable big data and analytics tools. SMEs are confident about their ability to innovate, but much less certain about their ability to use big data and advanced analytics to do so...

For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

Automated Blackhole Trojan targeting FedEx customers

Fake parcel delivery notes contain unwanted surprise

Security vendors have uncovered a new mass phishing campaign, tied to the Blackhole exploit kit, which is targeting FedEx customers.

Symantec and Webroot issued statements confirming they had detected an influx of malicious, malware-containing emails masquerading as FedEx receipts.

"Symantec Security Response is aware that fake FedEx emails have been circulating recently. The emails claim the user must print out a receipt by clicking on a link and then physically go to the nearest FedEx office to receive their parcel," said Shunichi Imano, a Symantec security researcher in a company blog.

"Obviously the parcel does not exist and those who click on the link will be greeted by a PostalReceipt.zip file containing a malicious PostalReceipt.exe executable file. Instead of receiving a parcel, which the user did not order in the first place, Trojan.Smoaler is delivered to the computer."

At the time of publishing FedEx had not responded to V3's request for comment, though the company has posted a statement online confirming it is aware of the scam.

"The emails are asking you to click on a link and print a receipt to take to your nearest FedEx location. FedEx does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information."

Webroot has since issued a separate warning linking the campaign to the Blackhole exploit kit. It accused the same group of cyber criminals responsible for a similar campaign targeting PayPal customers as being behind it.

"We've already seen the same IP (222.238.109.66) and name servers used in the following previously profiled malicious campaigns, indicating that they've been launched by the same party," warned Webroot's Dancho Danch.

Symantec backed up Webroot's findings, confirming its research had come to the same conclusion.

"The Fedex spam works by tricking users into clicking an email link to a compromised domain. This then redirects users to malicious domains which host exploit kits such as Blackhole or CoolEK," Symantec security response senior manager, Orla Cox told V3.

"These then exploit known vulnerabilities which ultimately deliver the Smoaler payload. The technique used is very similar to other spam botnets such as Trojan.Pandex."

Blackhole is one of many exploit kits available on the cyber black market. It allows non-skilled criminals to mount automated cyber attacks.